public AuthenticatedData(
OriginatorInfo originatorInfo,
Asn1Set recipientInfos,
AlgorithmIdentifier macAlgorithm,
AlgorithmIdentifier digestAlgorithm,
ContentInfo encapsulatedContent,
Asn1Set authAttrs,
Asn1OctetString mac,
Asn1Set unauthAttrs)
{
if (digestAlgorithm != null || authAttrs != null)
{
if (digestAlgorithm == null || authAttrs == null)
{
throw new ArgumentException("digestAlgorithm and authAttrs must be set together");
}
}
version = new DerInteger(CalculateVersion(originatorInfo));
this.originatorInfo = originatorInfo;
this.macAlgorithm = macAlgorithm;
this.digestAlgorithm = digestAlgorithm;
this.recipientInfos = recipientInfos;
this.encapsulatedContentInfo = encapsulatedContent;
this.authAttrs = authAttrs;
this.mac = mac;
this.unauthAttrs = unauthAttrs;
}
public TimeStampResp(
PkiStatusInfo pkiStatusInfo,
ContentInfo timeStampToken)
{
this.pkiStatusInfo = pkiStatusInfo;
this.timeStampToken = timeStampToken;
}
public CmsEnvelopedData(
ContentInfo contentInfo)
{
this.contentInfo = contentInfo;
EnvelopedData envData = EnvelopedData.GetInstance(contentInfo.Content);
//
// read the recipients
//
Asn1Set recipientInfos = envData.RecipientInfos;
//
// read the encrypted content info
//
EncryptedContentInfo encInfo = envData.EncryptedContentInfo;
this.encAlg = encInfo.ContentEncryptionAlgorithm;
ICmsReadable readable = new CmsProcessableByteArray(encInfo.EncryptedContent.GetOctets());
CmsSecureReadable secureReadable = new CmsEnvelopedHelper.CmsEnvelopedSecureReadable(
this.encAlg, readable);
//
// build the RecipientInformationStore
//
this.recipientInfoStore = CmsEnvelopedHelper.BuildRecipientInformationStore(
recipientInfos, secureReadable);
this.unprotectedAttributes = envData.UnprotectedAttrs;
}
public CmsAuthenticatedData(
ContentInfo contentInfo)
{
this.contentInfo = contentInfo;
AuthenticatedData authData = AuthenticatedData.GetInstance(contentInfo.Content);
//
// read the recipients
//
Asn1Set recipientInfos = authData.RecipientInfos;
this.macAlg = authData.MacAlgorithm;
//
// read the authenticated content info
//
ContentInfo encInfo = authData.EncapsulatedContentInfo;
ICmsReadable readable = new CmsProcessableByteArray(
Asn1OctetString.GetInstance(encInfo.Content).GetOctets());
CmsSecureReadable secureReadable = new CmsEnvelopedHelper.CmsAuthenticatedSecureReadable(
this.macAlg, readable);
//
// build the RecipientInformationStore
//
this.recipientInfoStore = CmsEnvelopedHelper.BuildRecipientInformationStore(
recipientInfos, secureReadable);
this.authAttrs = authData.AuthAttrs;
this.mac = authData.Mac.GetOctets();
this.unauthAttrs = authData.UnauthAttrs;
}
public CmsAuthEnvelopedData(
ContentInfo contentInfo)
{
this.contentInfo = contentInfo;
AuthEnvelopedData authEnvData = AuthEnvelopedData.GetInstance(contentInfo.Content);
this.originator = authEnvData.OriginatorInfo;
//
// read the recipients
//
Asn1Set recipientInfos = authEnvData.RecipientInfos;
//
// read the auth-encrypted content info
//
EncryptedContentInfo authEncInfo = authEnvData.AuthEncryptedContentInfo;
this.authEncAlg = authEncInfo.ContentEncryptionAlgorithm;
CmsSecureReadable secureReadable = new AuthEnvelopedSecureReadable(this);
//
// build the RecipientInformationStore
//
this.recipientInfoStore = CmsEnvelopedHelper.BuildRecipientInformationStore(
recipientInfos, secureReadable);
// FIXME These need to be passed to the AEAD cipher as AAD (Additional Authenticated Data)
this.authAttrs = authEnvData.AuthAttrs;
this.mac = authEnvData.Mac.GetOctets();
this.unauthAttrs = authEnvData.UnauthAttrs;
}
/**
* Generate an object that contains an CMS Compressed Data
*/
public CmsCompressedData Generate(CmsProcessable content, string compressionOid)
{
AlgorithmIdentifier comAlgId;
Asn1OctetString comOcts;
try
{
using (var bOut = new MemoryStream())
{
using (var zOut = new ZOutputStream(bOut, JZlib.Z_DEFAULT_COMPRESSION))
{
content.Write(zOut);
}
comAlgId = new AlgorithmIdentifier(new DerObjectIdentifier(compressionOid));
comOcts = new BerOctetString(bOut.ToArray());
}
}
catch (IOException e)
{
throw new CmsException("exception encoding data.", e);
}
var comContent = new ContentInfo(CmsObjectIdentifiers.Data, comOcts);
var contentInfo = new ContentInfo(CmsObjectIdentifiers.CompressedData, new CompressedData(comAlgId, comContent));
return new CmsCompressedData(contentInfo);
}
public CompressedData(
Asn1Sequence seq)
{
this.version = (DerInteger) seq[0];
this.compressionAlgorithm = AlgorithmIdentifier.GetInstance(seq[1]);
this.encapContentInfo = ContentInfo.GetInstance(seq[2]);
}
private TimeStampAndCrl(Asn1Sequence seq)
{
this.timeStamp = ContentInfo.GetInstance(seq[0]);
if (seq.Count == 2)
{
this.crl = X509.CertificateList.GetInstance(seq[1]);
}
}
private CmsSignedData(
CmsSignedData c)
{
this.signedData = c.signedData;
this.contentInfo = c.contentInfo;
this.signedContent = c.signedContent;
this.signerInfoStore = c.signerInfoStore;
}
public CompressedData(
AlgorithmIdentifier compressionAlgorithm,
ContentInfo encapContentInfo)
{
this.version = new DerInteger(0);
this.compressionAlgorithm = compressionAlgorithm;
this.encapContentInfo = encapContentInfo;
}
private TimeStampResp(
Asn1Sequence seq)
{
this.pkiStatusInfo = PkiStatusInfo.GetInstance(seq[0]);
if (seq.Count > 1)
{
this.timeStampToken = ContentInfo.GetInstance(seq[1]);
}
}
public SignedData(
Asn1Set digestAlgorithms,
ContentInfo contentInfo,
Asn1Set certificates,
Asn1Set crls,
Asn1Set signerInfos)
{
this.version = CalculateVersion(contentInfo.ContentType, certificates, crls, signerInfos);
this.digestAlgorithms = digestAlgorithms;
this.contentInfo = contentInfo;
this.certificates = certificates;
this.crls = crls;
this.signerInfos = signerInfos;
this.crlsBer = crls is BerSet;
this.certsBer = certificates is BerSet;
}
private AuthenticatedData(
Asn1Sequence seq)
{
int index = 0;
version = (DerInteger)seq[index++];
Asn1Encodable tmp = seq[index++];
if (tmp is Asn1TaggedObject)
{
originatorInfo = OriginatorInfo.GetInstance((Asn1TaggedObject)tmp, false);
tmp = seq[index++];
}
recipientInfos = Asn1Set.GetInstance(tmp);
macAlgorithm = AlgorithmIdentifier.GetInstance(seq[index++]);
tmp = seq[index++];
if (tmp is Asn1TaggedObject)
{
digestAlgorithm = AlgorithmIdentifier.GetInstance((Asn1TaggedObject)tmp, false);
tmp = seq[index++];
}
encapsulatedContentInfo = ContentInfo.GetInstance(tmp);
tmp = seq[index++];
if (tmp is Asn1TaggedObject)
{
authAttrs = Asn1Set.GetInstance((Asn1TaggedObject)tmp, false);
tmp = seq[index++];
}
mac = Asn1OctetString.GetInstance(tmp);
if (seq.Count > index)
{
unauthAttrs = Asn1Set.GetInstance((Asn1TaggedObject)seq[index], false);
}
}
public TimeStampAndCrl(ContentInfo timeStamp)
{
this.timeStamp = timeStamp;
}
public CmsSignedData(
IDictionary hashes,
ContentInfo sigData)
{
this.hashes = hashes;
this.contentInfo = sigData;
this.signedData = SignedData.GetInstance(contentInfo.Content);
}
public CmsSignedData(
ContentInfo sigData)
{
this.contentInfo = sigData;
this.signedData = SignedData.GetInstance(contentInfo.Content);
//
// this can happen if the signed message is sent simply to send a
// certificate chain.
//
if (signedData.EncapContentInfo.Content != null)
{
this.signedContent = new CmsProcessableByteArray(
((Asn1OctetString)(signedData.EncapContentInfo.Content)).GetOctets());
}
// else
// {
// this.signedContent = null;
// }
}
public TimeStampAndCrl(ContentInfo timeStamp)
{
this.timeStamp = timeStamp;
}
public CmsCompressedData(ContentInfo contentInfo)
{
ContentInfoInternal = contentInfo;
}
/// <summary>
/// Generate an enveloped object that contains a CMS Enveloped Data
/// object using the passed in key generator.
/// </summary>
private CmsEnvelopedData Generate(
CmsProcessable content,
string encryptionOid,
CipherKeyGenerator keyGen)
{
AlgorithmIdentifier encAlgId = null;
KeyParameter encKey;
Asn1OctetString encContent;
try
{
byte[] encKeyBytes = keyGen.GenerateKey();
encKey = ParameterUtilities.CreateKeyParameter(encryptionOid, encKeyBytes);
Asn1Encodable asn1Params = GenerateAsn1Parameters(encryptionOid, encKeyBytes);
ICipherParameters cipherParameters;
encAlgId = GetAlgorithmIdentifier(
encryptionOid, encKey, asn1Params, out cipherParameters);
IBufferedCipher cipher = CipherUtilities.GetCipher(encryptionOid);
cipher.Init(true, new ParametersWithRandom(cipherParameters, rand));
MemoryStream bOut = new MemoryStream();
CipherStream cOut = new CipherStream(bOut, null, cipher);
content.Write(cOut);
cOut.Dispose();
encContent = new BerOctetString(bOut.ToArray());
}
catch (SecurityUtilityException e)
{
throw new CmsException("couldn't create cipher.", e);
}
catch (InvalidKeyException e)
{
throw new CmsException("key invalid in message.", e);
}
catch (IOException e)
{
throw new CmsException("exception decoding algorithm parameters.", e);
}
Asn1EncodableVector recipientInfos = new Asn1EncodableVector();
foreach (RecipientInfoGenerator rig in recipientInfoGenerators)
{
try
{
recipientInfos.Add(rig.Generate(encKey, rand));
}
catch (InvalidKeyException e)
{
throw new CmsException("key inappropriate for algorithm.", e);
}
catch (GeneralSecurityException e)
{
throw new CmsException("error making encrypted content.", e);
}
}
EncryptedContentInfo eci = new EncryptedContentInfo(
CmsObjectIdentifiers.Data,
encAlgId,
encContent);
Asn1Set unprotectedAttrSet = null;
if (unprotectedAttributeGenerator != null)
{
Asn1.Cms.AttributeTable attrTable = unprotectedAttributeGenerator.GetAttributes(Platform.CreateHashtable());
unprotectedAttrSet = new BerSet(attrTable.ToAsn1EncodableVector());
}
ContentInfo contentInfo = new ContentInfo(
CmsObjectIdentifiers.EnvelopedData,
new EnvelopedData(null, new DerSet(recipientInfos), eci, unprotectedAttrSet));
return new CmsEnvelopedData(contentInfo);
}
/**
* generate a signed object that for a CMS Signed Data
* object - if encapsulate is true a copy
* of the message will be included in the signature. The content type
* is set according to the OID represented by the string signedContentType.
*/
public CmsSignedData Generate(string signedContentType, // FIXME Avoid accessing more than once to support CmsProcessableInputStream
CmsProcessable content, bool encapsulate)
{
var digestAlgs = new Asn1EncodableVector();
var signerInfos = new Asn1EncodableVector();
_digests.Clear(); // clear the current preserved digest state
//
// add the precalculated SignerInfo objects.
//
foreach (SignerInformation signer in _signers)
{
digestAlgs.Add(Helper.FixAlgID(signer.DigestAlgorithmID));
// TODO Verify the content type and calculated digest match the precalculated SignerInfo
signerInfos.Add(signer.ToSignerInfo());
}
//
// add the SignerInfo objects
//
bool isCounterSignature = (signedContentType == null);
DerObjectIdentifier contentTypeOid = isCounterSignature ? null : new DerObjectIdentifier(signedContentType);
foreach (SignerInf signer in _signerInfs)
{
try
{
digestAlgs.Add(signer.DigestAlgorithmID);
signerInfos.Add(signer.ToSignerInfo(contentTypeOid, content, rand));
}
catch (IOException e)
{
throw new CmsException("encoding error.", e);
}
catch (InvalidKeyException e)
{
throw new CmsException("key inappropriate for signature.", e);
}
catch (SignatureException e)
{
throw new CmsException("error creating signature.", e);
}
catch (CertificateEncodingException e)
{
throw new CmsException("error creating sid.", e);
}
}
Asn1Set certificates = null;
if (_certs.Count != 0)
{
certificates = CmsUtilities.CreateBerSetFromList(_certs);
}
Asn1Set certrevlist = null;
if (_crls.Count != 0)
{
certrevlist = CmsUtilities.CreateBerSetFromList(_crls);
}
Asn1OctetString octs = null;
if (encapsulate)
{
var bOut = new MemoryStream();
if (content != null)
{
try
{
content.Write(bOut);
}
catch (IOException e)
{
throw new CmsException("encapsulation error.", e);
}
}
octs = new BerOctetString(bOut.ToArray());
}
var encInfo = new ContentInfo(contentTypeOid, octs);
var sd = new SignedData(new DerSet(digestAlgs), encInfo, certificates, certrevlist, new DerSet(signerInfos));
var contentInfo = new ContentInfo(CmsObjectIdentifiers.SignedData, sd);
return new CmsSignedData(content, contentInfo);
}
/**
* generate an enveloped object that contains an CMS Enveloped Data
* object using the given provider and the passed in key generator.
*/
private CmsAuthenticatedData Generate(
CmsProcessable content,
string macOid,
CipherKeyGenerator keyGen)
{
AlgorithmIdentifier macAlgId;
KeyParameter encKey;
Asn1OctetString encContent;
Asn1OctetString macResult;
try
{
// FIXME Will this work for macs?
byte[] encKeyBytes = keyGen.GenerateKey();
encKey = ParameterUtilities.CreateKeyParameter(macOid, encKeyBytes);
Asn1Encodable asn1Params = GenerateAsn1Parameters(macOid, encKeyBytes);
ICipherParameters cipherParameters;
macAlgId = GetAlgorithmIdentifier(
macOid, encKey, asn1Params, out cipherParameters);
IMac mac = MacUtilities.GetMac(macOid);
// TODO Confirm no ParametersWithRandom needed
// FIXME Only passing key at the moment
// mac.Init(cipherParameters);
mac.Init(encKey);
MemoryStream bOut = new MemoryStream();
Stream mOut = new TeeOutputStream(bOut, new MacOutputStream(mac));
content.Write(mOut);
mOut.Dispose();
bOut.Dispose();
encContent = new BerOctetString(bOut.ToArray());
byte[] macOctets = MacUtilities.DoFinal(mac);
macResult = new DerOctetString(macOctets);
}
catch (SecurityUtilityException e)
{
throw new CmsException("couldn't create cipher.", e);
}
catch (InvalidKeyException e)
{
throw new CmsException("key invalid in message.", e);
}
catch (IOException e)
{
throw new CmsException("exception decoding algorithm parameters.", e);
}
Asn1EncodableVector recipientInfos = new Asn1EncodableVector();
foreach (RecipientInfoGenerator rig in recipientInfoGenerators)
{
try
{
recipientInfos.Add(rig.Generate(encKey, rand));
}
catch (InvalidKeyException e)
{
throw new CmsException("key inappropriate for algorithm.", e);
}
catch (GeneralSecurityException e)
{
throw new CmsException("error making encrypted content.", e);
}
}
ContentInfo eci = new ContentInfo(CmsObjectIdentifiers.Data, encContent);
ContentInfo contentInfo = new ContentInfo(
CmsObjectIdentifiers.AuthenticatedData,
new AuthenticatedData(null, new DerSet(recipientInfos), macAlgId, null, eci, null, macResult, null));
return new CmsAuthenticatedData(contentInfo);
}
private SignedData(
Asn1Sequence seq)
{
IEnumerator e = seq.GetEnumerator();
e.MoveNext();
version = (DerInteger)e.Current;
e.MoveNext();
digestAlgorithms = ((Asn1Set)e.Current);
e.MoveNext();
contentInfo = ContentInfo.GetInstance(e.Current);
while (e.MoveNext())
{
Asn1Object o = (Asn1Object)e.Current;
//
// an interesting feature of SignedData is that there appear
// to be varying implementations...
// for the moment we ignore anything which doesn't fit.
//
if (o is Asn1TaggedObject)
{
Asn1TaggedObject tagged = (Asn1TaggedObject)o;
switch (tagged.TagNo)
{
case 0:
certsBer = tagged is BerTaggedObject;
certificates = Asn1Set.GetInstance(tagged, false);
break;
case 1:
crlsBer = tagged is BerTaggedObject;
crls = Asn1Set.GetInstance(tagged, false);
break;
default:
throw new ArgumentException("unknown tag value " + tagged.TagNo);
}
}
else
{
signerInfos = (Asn1Set) o;
}
}
}
public CmsSignedData(
CmsProcessable signedContent,
ContentInfo sigData)
{
this.signedContent = signedContent;
this.contentInfo = sigData;
this.signedData = SignedData.GetInstance(contentInfo.Content);
}
